package gdut.jmxywz.interceptor;

import gdut.jmxywz.been.TeacherRole;
import gdut.jmxywz.been.BaseFunction;
import gdut.jmxywz.been.RoleFunction;
import gdut.jmxywz.been.Student;
import gdut.jmxywz.been.Teacher;
import gdut.jmxywz.service.CommonService;

import java.util.List;
import java.util.Map;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

public class AuthenticationInterceptor implements Interceptor {

	/**
	 * 参考旧系统代码，有所改动
	 * lsl
	 */
	private static final long serialVersionUID = 1L;

	public static final String TEACHER_SESSION_KEY="teacherSessionKey";
	
	public static final String STUDENT_SESSION_KEY="studentSessionKey"; 

	private CommonService commonService;
	
	private String message;

	private Map session;
	
/*---------------------setter和getter方法--------------------------*/

	public CommonService getCommonService() {
		return commonService;
	}

	public void setCommonService(CommonService commonService) {
		this.commonService = commonService;
	}
	
	public String getMessage() {
		return message;
	}

	public void setMessage(String message) {
		this.message = message;
	}

/*#######################################################################*/
	public void destroy() {
		// TODO Auto-generated method stub

	}

	public void init() {
		// TODO Auto-generated method stub
		
	}

	public String intercept(ActionInvocation actionInvocation) throws Exception {
		// TODO Auto-generated method stub
		/*取action名*/
		String name=actionInvocation.getInvocationContext().getName();
		
		/*取命名空间namespace*/
		String namespace=actionInvocation.getProxy().getNamespace();
		
		/*如果不是根路径，要加反斜杠*/
		if(namespace!=null&&namespace.trim().length()>0){
			if(!("/".equals(namespace.trim()))){
				namespace +="/";
			}
		}
		
		/*取得action路径全名，包括后缀*/
		String actionUrl=namespace+actionInvocation.getProxy().getActionName()+".action";
		
		/*获得session值*/
		session=actionInvocation.getInvocationContext().getSession();
		Teacher teacher=(Teacher)session.get(TEACHER_SESSION_KEY);
		Student student=(Student)session.get(STUDENT_SESSION_KEY);
		
		if ((teacher == null)&&(student == null)) {
			this.setMessage("请你先登录");
			System.out.println("---------请你先登录----------");
			return Action.LOGIN;
		}else if ((teacher != null)&&(student != null)){
			/*老师和学生帐号都有登录成功 证明是学生登录，则转化为一个教师对象,方便权限管理*/
			String hql="from Teacher t where t.teacherNum='Students'";
			List list=this.getCommonService().findListByHql(hql, null);
			if(list!=null&&list.size()>0){
				teacher=(Teacher)list.get(0);
			}
		}		
		if ("00000001".equals(teacher.getTeacherNum())) {
			return actionInvocation.invoke();
		}
		
		/*获得并判断用户拥有的角色*/
		
		String hqlTeacherRoles="select tr from TeacherRole tr where tr.teacher.teacherId="+teacher.getTeacherId();
		
		List teacherRoles=this.getCommonService().findListByHql(hqlTeacherRoles, null);
		if(teacherRoles==null&&teacherRoles.size()<1){
			System.out.println("--------------用户----------" + teacher.getTeacherName()+ "没有任何角色，没有权限执行任何功能");
			return "noPermit";
		}
		
		/*获得功能对应的角色*/
		String hqlFindFunctions="from BaseFunction bf where bf.functionUrl='"+actionUrl+"'";
		List bfList=this.getCommonService().findListByHql(hqlFindFunctions, null);
		
		BaseFunction baseFunction=null;
		if(bfList!=null&&bfList.size()>0){
			baseFunction=(BaseFunction)bfList.get(0);
		}else{
			System.out.println("---------------------功能-----" + actionUrl+ "不存在，可能在数据库中没有输入");
			return actionInvocation.invoke();
		}
		
		String hqlRoleFunctions="select rf from RoleFunction rf where rf.baseFunction.FunctionId="+baseFunction.getFunctionId();
		List roleFunctions=this.getCommonService().findListByHql(hqlRoleFunctions, null);

		/*获得用户拥有的功能*/
		boolean flag=false;
		TeacherRole teacherRoleTemp=null;
		RoleFunction roleFunctionTemp=null;
		START: for (int i = 0; i <teacherRoles.size() ; i++) {
			teacherRoleTemp = null;
			roleFunctionTemp = null;
			teacherRoleTemp = (TeacherRole)teacherRoles.get(i);
			for (int j = 0; j < roleFunctions.size(); j++) {
				roleFunctionTemp = (RoleFunction)roleFunctions.get(j);
				if (teacherRoleTemp.getRoles().getRoleId().equals(roleFunctionTemp.getRoles().getRoleId())) {
					flag = true;
					break START;
				}
			}
		}
		if (flag) {
			System.out.println("-------------------success auth-------------------------");
			return actionInvocation.invoke();
		} else {
			System.out.println("----------------------用户" + teacher.getTeacherName() + "没有权限执行此功能"+ actionUrl);
			return "noPermit";
		}
	}

}
